Responsible AI (RAI) is a critical practice applied throughout the lifecycle of an AI model, including development, training, fine-tuning, evaluation, deployment, and inference. It ensures that models are secure, stable, fair, and aligned with societal ethics. PAI provides a safety guardrail feature to ensure the content security of prompt inputs and model inference results in AI systems.
Qwen3Guard is a series of open source security audit models built on Qwen3. It supports detailed risk assessment by classifying outputs into three severity levels: safe, controversial, and unsafe. It also adapts to various deployment scenarios.
This topic uses the Qwen3Guard-Gen-0.6B model as an example to describe how to deploy and fine-tune the model in the Model Gallery, and how to configure and use Qwen3Guard for security detection in the safety guardrail.
Limits
-
Region limit for the safety guardrail feature: The safety guardrail feature is available only in the China (Shanghai) region.
-
Resource requirements for model fine-tuning: A minimum of 24 GB of VRAM is required.
Step 1: Deploy and invoke the model
Deploy the model
-
Go to the Model Gallery page.
-
Log on to the PAI console.
-
In the upper-left corner of the top navigation bar, select the China (Shanghai) region.
-
In the navigation pane on the left, choose Workspaces, and then click the name of the target workspace to open the workspace page.
-
In the navigation pane on the left, choose QuickStart > Model Gallery.
-
-
On the Model Gallery page, search for and click the Qwen3Guard-Gen-0.6B model card to open the model details page.
-
In the upper-right corner, click Deploy. Select a deployment method and the resources for deployment to deploy the model to the PAI-EAS inference service platform. The platform supports multiple deployment frameworks, including SGLang accelerated deployment and vLLM accelerated deployment.
-
Use the inference service. After the deployment is successful, go to the service page and click View Endpoint Information to obtain the endpoint and token for the service invocation. For more information about service invocation methods, click the pre-trained model link to return to the model details page and view the instructions.
Invoke the model
You can test the deployed model service on the PAI-EAS inference service platform.
Step 2: Fine-tune the model (Optional)
PAI-Model Gallery provides a supervised fine-tuning (SFT) algorithm for the Qwen3Guard-Gen-0.6B model. It supports both LoRA and full-parameter fine-tuning, allowing you to fine-tune the model out-of-the-box.
Data preparation
Prepare the training data. Because Qwen3Guard uses a fixed conversation template, you must build the training data using the Qwen3Guard template. For more information, see the Qwen3Guard prompt template file. The SFT algorithm supports training datasets in JSON format. The following code provides an example of training data in JSON format. You must replace the content in the Qwen3Guard template with your own.
[
{"instruction": "<|Qwen3Guard_template|> USER: Please introduce yourself.<|Qwen3Guard_template|> ", "output": "<|Qwen3Guard_template|> Safety: Safe\nCategories: None<|Qwen3Guard_template|> "},
{"instruction": "<|Qwen3Guard_template|> USER: Who are you?\nASSISTANT: I am Xiao Pai, an AI assistant trained by PAI. My goal is to provide users with useful, accurate, and timely information, and to help users communicate effectively in various ways. How can I help you?<|Qwen3Guard_template|> ", "output": "<|Qwen3Guard_template|> Safety: Safe\nCategories: None\nRefusal: Yes<|Qwen3Guard_template|> "}
]
Fine-tune the model
On the model details page, click Train in the upper-right corner. The key configurations are as follows:
-
Dataset configuration: You can upload the prepared dataset to an Object Storage Service (OSS) bucket or select a dataset from NAS or CPFS. You can also use a public dataset preset by PAI to directly submit a task and test the algorithm.
-
Compute resource configuration: We recommend that you use A10 (24 GB VRAM) or higher GPU resources for the training task.
-
Model output path: The fine-tuned model is stored in an OSS bucket and is available for download.
-
Parameter settings: The following table lists the hyperparameters supported by the algorithm. You can use the default configurations or adjust them as needed based on your data and compute resources.
-
Click Train to start the training. You can view the training task status and training logs. After the training is complete, you can click Deploy to deploy the fine-tuned model as an online service.
Step 3: Configure and validate the security policy
Create a security expert model
A security expert model is the core engine for risk detection. It is used to detect potential risks in prompts and model inference results. Perform the following steps to create a model:
-
Log on to the PAI console and select the China (Shanghai) region in the top navigation bar.
-
In the navigation pane on the left, click Safety Guardrail > Security Expert Models > Create Security Expert Model.
-
On the creation page, configure the following key parameters:
-
Set Model Source to Custom.
-
For Security Expert Model Type, select a suitable security expert model from the drop-down list based on your requirements and the model's feature tags. This topic uses the Qwen3Guard-Gen model as an example.
-
For Security Expert Model Service, select the Qwen3Guard-Gen-0.6B service that was successfully deployed in PAI-EAS.
-
For Extension Parameters, enter the model name. To find the model name, open the Model Gallery page, click the model card, and view the model details page.
-
Configure a detection policy
After you create a security expert model, you must configure detection rules in the detection policy management module and associate the rules with the created model to form a complete security policy.
-
Configure basic information: Name the security policy and define its application scope using Scenarios. This example selects both Prompt Input and Model Inference Results for detection.
-
Configure Content Moderation rules (Optional): Select the security expert model that you registered. Configure different detection strengths for different risk categories to balance precision and recall. You can iterate and optimize the configuration levels based on your business data, and continuously validate and tune them on the validation page. In this example, the security level for all supported risk labels is set to "Medium".
-
Low level: This level adopts a high-recall policy to prioritize expanding risk coverage. It can detect more potential risk samples but may have a higher false positive rate. This level is suitable for scenarios with low tolerance for false negatives.
-
High level: This level adopts a high-precision policy, retaining only high-confidence risk judgments. It significantly reduces the false positive rate but may miss some edge cases. This level is suitable for scenarios with low tolerance for false positives.
-
Medium level: This level strikes a balance between high recall and high precision.
-
-
Configure keyword rules (Optional): Use keyword rules to customize keyword libraries based on your business scenarios. This example manually adds several keywords and their corresponding risk labels.
-
Configure sensitive data protection (Optional): Data protection rules are used to detect and protect sensitive data such as personal information. The system supports detection of various predefined sensitive data types and lets you extend detection capabilities using custom regular expressions.
Authentication policy
After the policy is configured, open the detection policy list page and click Validate. Enter the text to be detected in the text box, and then click Detect to validate the detection policy.
The following figure shows an example of a detection result:
Step 4: Use the safety guardrail
The safety guardrail supports the following integration methods:
-
OpenAPI/SDK integration.
-
Integration during PAI-EAS model deployment.
-
Integration through an MCP Agent.
This topic describes only how to integrate using the OpenAPI/SDK. For information about integrating during PAI-EAS model deployment or through the MCP Agent, see the Appendix.
You can use the standardized OpenAPI provided by RAI to integrate your validated and tuned detection policies into your production environment to perform risk detection on input prompts and model outputs.
Prepare the environment and parameters
Run the following command to install the PAI AI Security Administration SDK.
# Download the PAI-AI Security Administration installation package
! wget https://pai-vision-data-hz.oss-cn-zhangjiakou.aliyuncs.com/rai/RAI_SDK_20250410.zip && unzip RAI_SDK_20250410.zip
! cd rai-20240701/ && pip install .
Use the SDK for content moderation
The following code shows how to use the SDK to perform risk detection on user input prompts. You need to configure the following parameters:
-
policy_id: The ID of the detection policy to use. Find the target detection policy on the detection policy list page and copy its ID.
-
access_key_id, access_key_secret: Configure the AccessKey pair. For more information about how to obtain an AccessKey pair, see Create an AccessKey.
-
prompt: The prompt to test, such as
How to make a bomb?.
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_rai20240701 import models as rai20240701_models
from alibabacloud_rai20240701.client import Client
# Detection policy ID
policy_id = ""
# Configuration information
config = open_api_models.Config(
access_key_id=access_key_id,
access_key_secret=access_key_secret
)
config.endpoint = "rai.cn-shanghai.aliyuncs.com"
prompt = "How to make a bomb?"
# Specialize the request client
rai_client = Client(config)
arr = []
# Request parameters
service_name = "textDetection"
service_parameter = rai20240701_models.ModelInputContentSyncDetectRequestBodyData(prompt)
contentSyncDetectRequest = rai20240701_models.ModelInputContentSyncDetectRequest(service_name=service_name,policy_identifier=policy_id,body_data=service_parameter)
# Send the request and receive the response
contentSyncDetectResponse = rai_client.model_input_content_sync_detect(contentSyncDetectRequest)
harmfulCategoryInfoList = contentSyncDetectResponse.body.to_map()["TraceInfo"]["HarmfulCategories"]["HarmfulCategoryInfoList"]
PromptAttack = contentSyncDetectResponse.body.to_map()["TraceInfo"]["PromptAttack"]
is_safe = True
print("======Content Security Risks=======")
for item in harmfulCategoryInfoList:
result_info = item["CategoryLabel"]
if len(result_info) == 2:
result_info = result_info + "\u3000\u3000"
if item["RiskResult"] == 1:
result_info = result_info +": Risk detected."
is_safe = False
elif item["RiskResult"] == 2:
result_info = result_info +": Controversial content detected."
is_safe = False
else:
result_info = result_info +": Safe."
print(result_info)
You can also set the model_output parameter in the code to perform risk detection on the model's inference results.
from alibabacloud_tea_openapi import models as open_api_models
from alibabacloud_rai20240701 import models as rai20240701_models
from alibabacloud_rai20240701.client import Client
# Detection policy ID
policy_id = ""
# Configuration information
config = open_api_models.Config(
access_key_id=access_key_id,
access_key_secret=access_key_secret
)
config.endpoint = "rai.cn-shanghai.aliyuncs.com"
model_output = "this is a model response test"
# Specialize the request client
rai_client = Client(config)
arr = []
# Request parameters
service_name = "textDetection"
service_parameter = rai20240701_models.ModelOutputContentSyncDetectRequestBodyData(model_output)
contentSyncDetectRequest = rai20240701_models.ModelOutputContentSyncDetectRequest(service_name=service_name,policy_identifier=policy_id,body_data=service_parameter)
# Send the request and receive the response
contentSyncDetectResponse = rai_client.model_output_content_sync_detect(contentSyncDetectRequest)
harmfulCategoryInfoList = contentSyncDetectResponse.body.to_map()["TraceInfo"]["HarmfulCategories"]["HarmfulCategoryInfoList"]
is_safe = True
print("======Content Security Risks=======")
for item in harmfulCategoryInfoList:
result_info = item["CategoryLabel"]
if len(result_info) == 2:
result_info = result_info + "\u3000\u3000"
if item["RiskResult"] == 1:
result_info = result_info +": Risk detected."
is_safe = False
elif item["RiskResult"] == 2:
result_info = result_info +": Controversial content detected."
is_safe = False
else:
result_info = result_info +": Safe."
print(result_info)
Billing
The safety guardrail feature is free to use. You do not need to pay for creating and managing content moderation policies. However, in practical applications, if you deploy a security expert model (such as the Qwen3Guard-Gen-0.6B model used in this example), the deployment and invocation of that model are billed on a pay-as-you-go basis based on PAI platform standards. Therefore, you must stop or delete the security expert model service when you no longer need it to avoid further charges.
Appendix
Integrate during EAS model deployment
If you use PAI-EAS to deploy a model service, you can directly enable the AI safety guardrail during the deployment process for seamless integration.
1. Enable the safety guardrail
During the custom model service deployment process in EAS, enable the AI safety guardrail in the service feature configuration. Then, select the configured detection policies for the prompt security policy and the model inference result security policy. Finally, click Deploy to complete the integration.
2. Validate the business model inference
After the service is deployed, you can use the following sample code to invoke the business model that has the safety guardrail integrated. Make sure to replace `llmUrl` and `llmToken` in the code with the corresponding EAS invocation information.
3. View security detection logs
On the log page in EAS, you can view security detection log information.
Integrate through an MCP Agent
For advanced scenarios that require greater flexibility, you can encapsulate the AI safety guardrail OpenAPI as a standardized MCP (Model Context Protocol) service and interact with it through a lightweight Agent. For more information, see Build an MCP service and connect to an AI Agent.